def generate_unauthorized_response(e, request):
# We may need to check the roles of the users to show the real error
eid = uuid.uuid4().hex
message = _('Not authorized to render operation') + ' ' + eid
user = get_authenticated_user_id(request)
extra = {
'r': _url(request),
'u': user
}
logger.error(
message,
exc_info=e,
extra=extra)
return UnauthorizedResponse(message)
def install(self, site, request):
registry = request.site_settings
registry.for_interface(ILayers).active_layers |= {USERS_LAYER}
user = get_authenticated_user_id(request)
create_content_in_container(site,
'UserManager',
'users',
creators=(user, ),
title='Users')
create_content_in_container(site,
'GroupManager',
'groups',
creators=(user, ),
title='Groups')
async def __call__(self):
data = await self.request.json()
if '@type' not in data and data['@type'] != 'Site':
return ErrorResponse('NotAllowed',
'can not create this type %s' % data['@type'],
status=401)
if 'title' not in data and not data['title']:
return ErrorResponse('NotAllowed', 'We need a title', status=401)
if 'id' not in data:
return ErrorResponse('NotAllowed', 'We need an id', status=401)
if 'description' not in data:
data['description'] = ''
if data['id'] in self.context:
# Already exist
return ErrorResponse('NotAllowed', 'Duplicate id', status=401)
site = create_content('Site',
id=data['id'],
title=data['title'],
description=data['description'])
# Special case we don't want the parent pointer
site.__name__ = data['id']
self.context[data['id']] = site
site.install()
self.request._site_id = site.__name__
user = get_authenticated_user_id(self.request)
# Local Roles assign owner as the creator user
roleperm = IPrincipalRoleManager(site)
roleperm.assignRoleToPrincipal('plone.Owner', user)
await notify(ObjectFinallyCreatedEvent(site))
# await notify(ObjectAddedEvent(site, self.context, site.__name__))
resp = {'@type': 'Site', 'id': data['id'], 'title': data['title']}
headers = {'Location': self.request.path + data['id']}
return Response(response=resp, headers=headers)
def generate_error_response(e, request, error, status=400):
# We may need to check the roles of the users to show the real error
eid = uuid.uuid4().hex
message = _('Error on execution of view') + ' ' + eid
user = get_authenticated_user_id(request)
extra = {
'r': _url(request),
'u': user
}
logger.error(
message,
exc_info=e,
extra=extra)
return ErrorResponse(
error,
message,
status
)
def begin(self, request=None):
"""Return new request specific transaction
:param request: current request
"""
if request is None:
request = get_current_request()
user = get_authenticated_user_id(request)
txn = getattr(request, '_txn', None)
if txn is not None:
txn.abort()
txn = request._txn = transaction.Transaction(self._synchs, self)
if user is not None:
txn.user = user
_new_transaction(txn, self._synchs)
request._txn_time = time.time()
return txn
async def __call__(self):
"""To create a content."""
data = await self.get_data()
type_ = data.get('@type', None)
id_ = data.get('id', None)
behaviors = data.get('@behaviors', None)
if not type_:
return ErrorResponse('RequiredParam',
_("Property '@type' is required"))
# Generate a temporary id if the id is not given
if not id_:
new_id = None
else:
new_id = id_
user = get_authenticated_user_id(self.request)
# Create object
try:
obj = create_content_in_container(self.context,
type_,
new_id,
id=new_id,
creators=(user, ),
contributors=(user, ))
except PreconditionFailed as e:
return ErrorResponse('PreconditionFailed', str(e), status=412)
except ConflictIdOnContainer as e:
return ErrorResponse('ConflictId', str(e), status=409)
except ValueError as e:
return ErrorResponse('CreatingObject', str(e), status=400)
for behavior in behaviors or ():
obj.add_behavior(behavior)
# Update fields
deserializer = queryMultiAdapter((obj, self.request),
IResourceDeserializeFromJson)
if deserializer is None:
return ErrorResponse('DeserializationError',
'Cannot deserialize type {}'.format(
obj.portal_type),
status=501)
try:
await deserializer(data, validate_all=True)
except DeserializationError as e:
return ErrorResponse('DeserializationError',
str(e),
exc=e,
status=400)
# Local Roles assign owner as the creator user
roleperm = IPrincipalRoleManager(obj)
roleperm.assignRoleToPrincipal('plone.Owner', user)
await notify(ObjectFinallyCreatedEvent(obj))
absolute_url = queryMultiAdapter((obj, self.request), IAbsoluteURL)
headers = {
'Access-Control-Expose-Headers': 'Location',
'Location': absolute_url()
}
serializer = queryMultiAdapter((obj, self.request),
IResourceSerializeToJson)
return Response(response=serializer(), headers=headers, status=201)
async def __call__(self):
"""To create a content."""
data = await self.get_data()
type_ = data.get('@type', None)
id_ = data.get('id', None)
behaviors = data.get('@behaviors', None)
if '__acl__' in data:
# we don't allow to change the permisions on this patch
del data['__acl__']
if not type_:
return ErrorResponse(
'RequiredParam',
_("Property '@type' is required"))
# Generate a temporary id if the id is not given
if not id_:
new_id = None
else:
new_id = id_
user = get_authenticated_user_id(self.request)
# Create object
try:
obj = create_content_in_container(
self.context, type_, new_id, id=new_id, creators=(user,),
contributors=(user,))
except PreconditionFailed as e:
return ErrorResponse(
'PreconditionFailed',
str(e),
status=412)
except ConflictIdOnContainer as e:
return ErrorResponse(
'ConflictId',
str(e),
status=409)
except ValueError as e:
return ErrorResponse(
'CreatingObject',
str(e),
status=400)
for behavior in behaviors or ():
obj.add_behavior(behavior)
# Update fields
deserializer = queryMultiAdapter((obj, self.request),
IResourceDeserializeFromJson)
if deserializer is None:
return ErrorResponse(
'DeserializationError',
'Cannot deserialize type {}'.format(obj.portal_type),
status=501)
try:
await deserializer(data, validate_all=True)
except DeserializationError as e:
return ErrorResponse(
'DeserializationError',
str(e),
exc=e,
status=400)
# Local Roles assign owner as the creator user
roleperm = IPrincipalRoleManager(obj)
roleperm.assign_role_to_principal(
'plone.Owner',
user)
await notify(ObjectFinallyCreatedEvent(obj, data))
absolute_url = queryMultiAdapter((obj, self.request), IAbsoluteURL)
headers = {
'Access-Control-Expose-Headers': 'Location',
'Location': absolute_url()
}
serializer = queryMultiAdapter(
(obj, self.request),
IResourceSerializeToJson
)
return Response(response=serializer(), headers=headers, status=201)
async def __call__(self):
data = await self.request.json()
if '@type' not in data and data['@type'] != 'Site':
return ErrorResponse(
'NotAllowed',
'can not create this type %s' % data['@type'],
status=401)
if 'title' not in data and not data['title']:
return ErrorResponse(
'NotAllowed',
'We need a title',
status=401)
if 'id' not in data:
return ErrorResponse(
'NotAllowed',
'We need an id',
status=401)
if 'description' not in data:
data['description'] = ''
if data['id'] in self.context:
# Already exist
return ErrorResponse(
'NotAllowed',
'Duplicate id',
status=401)
site = create_content(
'Site',
id=data['id'],
title=data['title'],
description=data['description'])
# Special case we don't want the parent pointer
site.__name__ = data['id']
self.context[data['id']] = site
site.install()
self.request._site_id = site.__name__
user = get_authenticated_user_id(self.request)
# Local Roles assign owner as the creator user
roleperm = IPrincipalRoleManager(site)
roleperm.assign_role_to_principal(
'plone.Owner',
user)
await notify(ObjectFinallyCreatedEvent(site))
# await notify(ObjectAddedEvent(site, self.context, site.__name__))
resp = {
'@type': 'Site',
'id': data['id'],
'title': data['title']
}
headers = {
'Location': self.request.path + data['id']
}
return Response(response=resp, headers=headers)